Home > mailing lists

Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date	August 19, 2008 16:02:55
Msg-id	1667.1219161658@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #4340: SECURITY: Is SSL Doing Anything? (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #4340: SECURITY: Is SSL Doing Anything?
List	pgsql-bugs

Tree view

Dan Kaminsky <dan@doxpara.com> writes:
> My question has been:  When you attempt to create an SSL connection to
> database.backend.com, do you actually validate that:

> 1) The subject name of the certificate you're connecting to is
> database.backend.com, and
> 2) At least the basic checks (expiration, chaining back to a valid root)
> occur?

[ shrug... ] We do whatever OpenSSL's default validation behavior is.
If that's inadequate you probably ought to be taking it up with them,
instead of trying to get downstream projects to fix it one at a time.

            regards, tom lane

pgsql-bugs by date:

From: Gregory Stark
Date: 19 August 2008, 09:35:03
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Dan Kaminsky
Date: 19 August 2008, 16:12:42
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?

Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

Previous

Next